1. Field of the Invention
The present invention relates to a management system for distributed out-of-band security databases. More particularly, the management system relates to security for computer networks and maintains security whether the network server is in-service or out-of-service. As the encryption and decryption of the security system of this invention are asynchronous, the management system of the security database is independent of time and event monitoring. With the management system hereof, remote access obtained by a technician to any network element or to any related distributed database thereof is secure through in-band or out-of-band routing.
2. Background Information
In the current technology, for direct access to the functions of the router/server, most routers provide a console maintenance port which is typically connected to a modem for convenient remote access. When a network problem occurs, the technician has several options depending upon the topological and geographical configuration of the network. A technician servicing a simple network, which is in close proximity to the router/server, is able for diagnostic testing to access directly the console maintenance port. In a more diverse and complex network there are more options with different consequences.
When the technician and the router are not in geographical proximity and a network problem occurs, one of several options are available. The technician can have someone at the remote site where the router exists diagnose the problem and report back by telephone. This requires having, at the site of the router, a person of similar skills and tools as the technician. Another option is for the technician to travel to the site. Besides losing the services of the technician during travel, this may also require an overnight stay. Alternatively, when a dial-up modem has been placed on the console/maintenance port of the router, the technician can dial into the modem at anytime. While this solves the remote diagnostic problem, a breach of security is created as anybody can now access the router/server as there is absolutely no security or audit. To minimize the breach of security, the technician may, by contacting someone at the remote site, have the modem operational only when a problem occurs. The attendant turns on the modem for diagnostic and maintenance work and turns off the modem when the work is completed. This requires a person at the remote site at all times, off-site diagnostic and maintenance work is proceeding, and may require attendance twenty four hours a day, seven days a week. At this point, security is dependent upon human factors, e.g. the person at the remote site remembering to turn off the modem, or purposely leaving the modem on out of laziness, or intentionally leaving the modem on so as to connect after hours unnoticed by the global security system.
More recently, the technology of a RADIUS or TACACS+ authentication server has become available for authenticating the dial-up call to a remote network element. These technologies each utilize a single network security server which must be accessed via the network each time security is required. While this provides a two-factor authentication, utilizing a token, as the operation of RADIUS or TACACS+ protocol requires network connectivity for operation, such authentication is impractical. In this case, if the router/server has network connectivity, the technician usually may gain access to the network to access through the router/server (an in-band route) and then is not limited by the data transfer rate over the telephone line, and, if the router/server does not have network connectivity, the technician is limited to dialing access through the console/maintenance port. Now because of the lack of network connectivity, the RADIUS/TACACS+ authentication is also inoperative and provides either no security or only default password security into the console/maintenance port. Another alternative is that the technician can install password modems at all the remote sites requiring dial-up access. While this solves the remote access problems, an unacceptable system is created as: (1) password authentication is weak and (2) security management becomes cumbersome. While it is widely accepted that two factor authentication should be used, such strong authentication modems are not commonly available. The security management defect results from having possibly hundreds of individual databases scattered around the network. Then, the updating of these databases and the obtention of audit information, if available, become manpower intensive activities.
In summary, RADIUS and TACACS+ do not address the problems associated with remote technician access to router/server ports. This problem can only be adequately addressed by strong authentication, centrally managed, secure access modems.
In preparing for this patent application the inventor became familiar with several patents in the field of security systems and security for databases. In general, most of the patents in this technology teach the manner in which a user is authenticated prior to gaining access through a centralized security database to a remote network element.
The patent to Wirstrom et al., U.S. Pat. No. 4,694,492 teaches the generating of a sequentially assigned event identifier by the host computer and encrypted into the authorization request by a remote network element, which thereupon sends an event-coded encryption to the host computer for authorization. Wirstrom et al. has a fixed key and a stored transitory key. This patent deals with a two-part encryptor. One part the user carried from site to site. The other remains at each site to receive the other part similar to an electronic identification card that allows you through electronically locked doors.
The patent to Mihm, Jr., U.S. Pat. No. 5,249,230 teaches the generating by the host computer of an encrypted credential that is then transmitted to and embedded in a remote device. Public key technology is then used to authenticate. This patent teaches the use of public key technology to authenticate the terminal. The system first assigns an equipment identifier and a user identifier for the terminal. Then the two identifiers are encrypted with a secret key and the encrypted date is stored on the remote terminal. A public key is sent to authentication nodes which receive the encrypted data using a public key and the authentication nodes then decrypt and compare.
The patent to Boebert et al., U.S. Pat. No. 5,276,735 teaches a type of complex system usually associated with LAN security and describes keys, identifiers, and rights and privileges. This system only involves protecting stored data and does not extend to data in transit. Also Boebert et al. teaches chaining sequential transactions together so that a break-in is detected by a number being out of sequence.
The patent to Suzuki et al., U.S. Pat. No. 5,377,267, teaches a system is based on a wireless network where two communication networks are required to authenticate the user.
The patent to Heath, U.S. Pat. No. 5,451,757 teaches a portable terminal connection to an automated teller machine (ATM). In the Heath ""757 teachings, the user enters a two-part access code comprised of a personal identification number (PIN) and the portable terminal identifier. This entry is then compared at the host computer to an access code generated by the ATM. In contradistinction to the present disclosure, infra, this is not an out-of-band application insofar as operational control is by and through the host computer. Here, a secured message is transmitted to a remote technician, who after authentication, receives an encrypted message. The technician decrypts the message and reads an instruction, e.g. where he has to go to repair a disabled ATM. The system, because the files are check summed, encrypts only parts of an executable file.
The patent to Boeber, U.S. Pat. No. 5,499,297 teaches a plurality of hosts authenticating to a central security server. From the above discussion, it is seen that the long felt need for a management system for distributed, out-of-band security databases has not been met. Thus, the only totally secure and manageable remote access solution is to install strong authentication modems with a built-in centrally managed database. This disclosed system hereof eliminates the need for network connectivity for security network problems and outages. A centrally managed distributed security database allows a single management station to control access to thousands of router ports and to ensure the highest level of authentication for each attempt at access. The central manager, which connects both via network and dial line in case of outages, also provides daily audit reports from each modem containing a detailed list of all events on the modem.
The present invention overcomes the problems in prior art security facilities for wide area networks during maintenance thereof. In this invention, security databases are distributed at the console or maintenance port or each network element. A distributed database manager is provided to instantaneously update the databases and gather from each database transaction records. Central to the distributed database manager is a software program that polls the security databases located at each of the network elements, deposits updated databases, and formats various management reports from transaction records and from device failure records generated by the program). The software program enables the database manager to communicate with the network elements through either an in-band channel or an out-of-band channel. By shifting authentication of access seekers to security databases resident at each console port, security is maintained even though the network server is not in service. Using existing technology, all communications between the distributed database manager and the security database is in encrypted form.
It is an object of the present invention to provide a management system for distributed out-of-band security databases.
It is a further object of the present invention to provide a secure modem to protect remote access to the router console port.
It is yet another object of the present invention to provide a system of encrypted communications wherein all the authentications therein are asynchronous.
It is still yet another object of the present invention to provide a distributed database security system integrated with advanced modem management capabilities.
It is a feature of the present invention that the session keys are randomly generated and are nonsequential from one to the next.
It is another feature of the present invention that security databases are distributed to remote network elements and, even when the central database of the server is out-of-service, the system provides security therefor.
It is yet another feature of the present invention that the security device thereof may employ a challenge response which is an encrypted authentication based on a secret key in the remote technician""s hand held device or based on an encrypted file in the host authenticator""s security database.